• info
• discussion
• exploit
• solution
• references

OpenLDAP X.509 Certificate NULL Character Certificate Validation Security Bypass Vulnerability

Solution:
Updates are available. Please see the references for more information.


Debian Linux 5.0 alpha

• Debian ldap-utils_2.4.11-1+lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4 .11-1+lenny1_alpha.deb


• Debian libldap-2.4-2-dbg_2.4.11-1+lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2- dbg_2.4.11-1+lenny1_alpha.deb


• Debian libldap-2.4-2_2.4.11-1+lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_ 2.4.11-1+lenny1_alpha.deb


• Debian libldap2-dev_2.4.11-1+lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2 .4.11-1+lenny1_alpha.deb


• Debian slapd-dbg_2.4.11-1+lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4. 11-1+lenny1_alpha.deb


• Debian slapd_2.4.11-1+lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1 +lenny1_alpha.deb

MandrakeSoft Linux Mandrake 2008.0

• Mandriva libldap2.3_0-2.3.38-3.4mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libldap2.3_0-devel-2.3.38-3.4mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libldap2.3_0-static-devel-2.3.38-3.4mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-2.3.38-3.4mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-clients-2.3.38-3.4mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-doc-2.3.38-3.4mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-servers-2.3.38-3.4mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-testprogs-2.3.38-3.4mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-tests-2.3.38-3.4mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/

Debian Linux 4.0 amd64

• Debian ldap-utils_2.3.30-5+etch3_amd64.deb
  http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_ 2.3.30-5+etch3_amd64.deb


• Debian slapd_2.3.30-5+etch3_amd64.deb
  http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.3 0-5+etch3_amd64.deb

Debian Linux 4.0 ia-32

• Debian ldap-utils_2.3.30-5+etch3_i386.deb
  http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_ 2.3.30-5+etch3_i386.deb


• Debian libldap-2.3-0_2.3.30-5+etch3_i386.deb
  http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3 -0_2.3.30-5+etch3_i386.deb


• Debian slapd_2.3.30-5+etch3_i386.deb
  http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.3 0-5+etch3_i386.deb

MandrakeSoft Linux Mandrake 2009.0 x86_64

• Mandriva lib64ldap2.4_2-2.4.11-3.2mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64ldap2.4_2-devel-2.4.11-3.2mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64ldap2.4_2-static-devel-2.4.11-3.2mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-2.4.11-3.2mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-clients-2.4.11-3.2mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-doc-2.4.11-3.2mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-servers-2.4.11-3.2mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-testprogs-2.4.11-3.2mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-tests-2.4.11-3.2mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Debian Linux 5.0 mips

• Debian ldap-utils_2.4.11-1+lenny1_mips.deb
  http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4 .11-1+lenny1_mips.deb


• Debian libldap-2.4-2-dbg_2.4.11-1+lenny1_mips.deb
  http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2- dbg_2.4.11-1+lenny1_mips.deb


• Debian libldap-2.4-2_2.4.11-1+lenny1_mips.deb
  http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_ 2.4.11-1+lenny1_mips.deb


• Debian libldap2-dev_2.4.11-1+lenny1_mips.deb
  http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2 .4.11-1+lenny1_mips.deb


• Debian slapd-dbg_2.4.11-1+lenny1_mips.deb
  http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4. 11-1+lenny1_mips.deb

Debian Linux 5.0 sparc

• Debian libldap-2.4-2-dbg_2.4.11-1+lenny1_sparc.deb
  http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2- dbg_2.4.11-1+lenny1_sparc.deb


• Debian slapd-dbg_2.4.11-1+lenny1_sparc.deb
  http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4. 11-1+lenny1_sparc.deb

Debian Linux 4.0 arm

• Debian ldap-utils_2.3.30-5+etch3_arm.deb
  http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_ 2.3.30-5+etch3_arm.deb


• Debian slapd_2.3.30-5+etch3_arm.deb
  http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.3 0-5+etch3_arm.deb

MandrakeSoft Linux Mandrake 2009.1 x86_64

• Mandriva lib64ldap2.4_2-2.4.16-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64ldap2.4_2-devel-2.4.16-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64ldap2.4_2-static-devel-2.4.16-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-2.4.16-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-clients-2.4.16-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-doc-2.4.16-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-servers-2.4.16-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-testprogs-2.4.16-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-tests-2.4.16-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/

Debian Linux 4.0 powerpc

• Debian libldap-2.3-0_2.3.30-5+etch3_powerpc.deb
  http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3 -0_2.3.30-5+etch3_powerpc.deb

MandrakeSoft Enterprise Server 5

• Mandriva libldap2.4_2-2.4.11-3.2mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libldap2.4_2-devel-2.4.11-3.2mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libldap2.4_2-static-devel-2.4.11-3.2mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-2.4.11-3.2mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-clients-2.4.11-3.2mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-doc-2.4.11-3.2mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-servers-2.4.11-3.2mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-testprogs-2.4.11-3.2mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-tests-2.4.11-3.2mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 6.06 LTS i386

• Ubuntu ldap-utils_2.2.26-5ubuntu2.9_i386.deb
  http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2 .2.26-5ubuntu2.9_i386.deb


• Ubuntu libldap-2.2-7_2.2.26-5ubuntu2.9_i386.deb
  http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2- 7_2.2.26-5ubuntu2.9_i386.deb


• Ubuntu slapd_2.2.26-5ubuntu2.9_i386.deb
  http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26 -5ubuntu2.9_i386.deb

Debian Linux 5.0 hppa

• Debian ldap-utils_2.4.11-1+lenny1_hppa.deb
  http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4 .11-1+lenny1_hppa.deb


• Debian libldap-2.4-2_2.4.11-1+lenny1_hppa.deb
  http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_ 2.4.11-1+lenny1_hppa.deb


• Debian libldap2-dev_2.4.11-1+lenny1_hppa.deb
  http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2 .4.11-1+lenny1_hppa.deb


• Debian slapd-dbg_2.4.11-1+lenny1_hppa.deb
  http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4. 11-1+lenny1_hppa.deb

Debian Linux 4.0 sparc

• Debian ldap-utils_2.3.30-5+etch3_sparc.deb
  http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_ 2.3.30-5+etch3_sparc.deb


• Debian slapd_2.3.30-5+etch3_sparc.deb
  http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.3 0-5+etch3_sparc.deb

MandrakeSoft Linux Mandrake 2009.0

• Mandriva libldap2.4_2-2.4.11-3.2mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libldap2.4_2-devel-2.4.11-3.2mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libldap2.4_2-static-devel-2.4.11-3.2mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-2.4.11-3.2mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-clients-2.4.11-3.2mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-doc-2.4.11-3.2mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-servers-2.4.11-3.2mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-testprogs-2.4.11-3.2mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva openldap-tests-2.4.11-3.2mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/